NOTE: Due to a decreased rate of submissions, Symantec Security Response has downgraded this threat from Category 3 to Category 2 as of June 13, 2003.
W32.Sobig.B@mm is a mass-mailing worm that sends itself to all the email addresses, purporting to have been sent by Microsoft (email@example.com). The worm finds the addresses in the files with the following extensions:
Email Routine Details
The email message has the following characteristics:
The subject line will be one of the following:
- Your details
- Approved (Ref: 38446-263)
- Re: Approved (Ref: 3394-65467)
- Your password
- Re: My details
- Cool screensaver
- Re: Movie
- Re: My application
All information is in the attached file.
The attachment name will be one of the following:
- The worm de-activates on May 31, 2003, and therefore, the last day on which the worm will spread is May 30, 2003.
- Virus definitions dated prior to May 19, 2003 may detect this threat as W32.HLLW.Mankx@mm.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.